Is it ok to enforce non-secure connection?

I have an e-commerce site which switches to a https connection when a user goes to the shopping cart and starts inputting personal details.

I would like any traffic that is NOT for the shopping cart to go through http, even if the request https. So for example, a request to https://myhomepage.php would be 301 to http://myhomepage.php.

The use of https on, for example, my homepage has lead to certain issues, such as duplicate entries in the google index, and ‘mixed content’ errors calling non secure 3rd party content. All of which are solvable in their own way, but forcing a non https connection would solve them too.

Anyone see any problem with this?

Yeah that’s basically what I was talking about. Any https request to a page which doesn’t need to be https -> 301 to http. The converse (301 http to https) is already done in the user input section.

I couldn’t see a problem with it, but wanted a second opinion.

I think you should just 301 force everything to the http and only keep the user input on the https, you could do a simple header location change and keep the uri and etc intact while redirecting.

You might also want to log into Google Webmaster Tools and adjust the crawl rate to get rid of those duplicated entries.